The post method really hung me up for a few hours today. The documentation doesn't mention that it is encoding htmlspecialchars. I finally looked at the post method in the engine and found my problem.
I'm reading data from MySQL to a form. I use htmlspecialchars on my form data so it displays correctly. Then I use htmlspecialchars_decode on the $_POST data. For some reason single quotes were getting encoded as ' in my database. This was happening even after running htmlspecialchars_decode.
I would think that Trongate's post method would be using htmlspecialchars_decode instead of htmlspecialchars. What is the reason for encoding htmlspecialchars on posted values?
Trongate Version: 1.3.3038
Why is the post method encoding htmlspecialchars?
3 years ago
3 years ago
#1
3 years ago
#2
I found a solution to fix the single quote.
However, I would still like to know the reason why the engine's post method is encoding htmlspecialchars.
3 years ago
#3
It was added quite recently because a bunch of angry Laravel developers attacked the Help Bar, the website generally, my own YouTube channel, my Twitch channel and probably whatever else they thought they could get away with.
They were registering my own username followed by (or starting with) HTML symbols that would not be visible to the untrained eye. So, they were basically trying to impersonate me and cause trouble. It all escalated fairly quickly and it was a very nuclear incident.
The html special characters thing was a rush job, made recently - in response to all of that garbage. I'm still not entirely happy with how that gets handled and it's something that I'm eager to look at again.
That being said, I'm looking forward to having a closer look at your code and coming to this with a fresh mind.
Many thanks for your comments.
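The encoding mismatch and the username problem discussed above, as an added example that is not code from this thread or from Trongate. The helper names `post_encoded`, `out` and `valid_username`, the sample values and the username policy (ASCII letters, digits and underscore, 3 to 20 characters) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an input helper that HTML-encodes posted values.
function post_encoded(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Output-side escaping: applied once, at the point a value is written into HTML.
function out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation (assumed policy): anything outside the set is rejected,
// so markup can never become part of a stored username.
function valid_username(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

$submitted = "O'Brien"; // constructed sample form value

// 1. Encoding on input with ENT_QUOTES turns the single quote into an entity.
$stored = post_encoded($submitted);

// 2. Decoding with ENT_COMPAT (the default before PHP 8.1) only handles
//    double quotes, so the single-quote entity survives into the database.
$stillEncoded = htmlspecialchars_decode($stored, ENT_COMPAT);

// 3. Decoding with the same flag that was used for encoding restores the value.
$restored = htmlspecialchars_decode($stored, ENT_QUOTES);

// 4. Escaping an already-encoded value for display encodes it a second time.
$doubleEncoded = out($stored);

printf("stored:         %s\n", $stored);
printf("ENT_COMPAT:     %s\n", $stillEncoded);
printf("ENT_QUOTES:     %s\n", $restored);
printf("double encoded: %s\n", $doubleEncoded);
printf("raw + out():    %s\n", out($submitted)); // store raw, escape on output

// Constructed usernames: a plain one and one carrying markup that renders as nothing.
foreach (['siteowner', 'siteowner<b></b>'] as $candidate) {
    printf("%-20s %s\n", out($candidate), valid_username($candidate) ? 'accepted' : 'rejected');
}
```

Storing the raw value and calling an output helper like `out()` wherever it is rendered keeps the database free of entities, while the allow-list check handles the look-alike usernames at registration time.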
3 years ago
#4
Saw a new commit get posted.
Looking forward to trying out the new code when I get back to work.
3 years ago
#5
Thanks. The new code was written by the GPT (AI) engine. I had a conversation with ChatGPT today and described what I wanted. Then I got GPT to refine the code and make it easy to read.
Trongate is now, almost certainly, the only PHP framework that is being partly written by AI.
I do not agree with the people who say that AI will steal web developer jobs. I see this as being all positive. All of it. Whilst it's still early days for AI, I think it can be particularly useful for dealing with things like security and even proofreading of docs.
It's a really amazing technology and it's only going to get better.